AMENDMENT UNDER 37 C.F.R. § 1.114(c) 
U.S. Application No.: 10/511,898 



Attorney Docket No.: Q83 178 



REMARKS 

This Amendment, submitted in reply to the Office Action dated March 18, 2010, is 
believed to be fully responsive to each point of rejection raised therein. Accordingly, favorable 
reconsideration on the merits is respectfully requested. 

Claims 1-19 are all the claims pending in the application. Claim 15 has been amended. 

I. Rejection of claims 15-18 under 35 U.S.C. § 102 

Claims 15-18 are rejected under 35 U.S.C. § 102(b) as being anticipated by Coss et al. 
(Coss hereinafter) (US Patent No. 6,170,012 B1). 

Claim 15 

Claim 15 has been amended to recite "wherein the management module includes a 
configuration module which decides when to make modifications to a current configuration of a 
firewall." Support for the amendment can be found at, for example, page 10, lines 17-35 and 
page 11, lines 24-35, of the Applicant's originally filed specification. As discussed with the 
Examiner, the currently cited art does not teach or suggest that a management module includes a 
configuration module which decides when to make modifications to a current configuration of a 
firewall. Therefore, claim 15 and its dependent claim 16 should be deemed allowable. 

Also, claim 15 recites, inter alia: 

"a management module coupled to said network data 
processing module, said management module comprising a 
first memory containing a first table, said first table 
containing primary identifiers associated with at least one 
parameterized rule for providing direction to said network 
data processing module when one or more of said primary 
identifiers and said at least one parameterized rule are 
associated with at least one parameter value 

The Examiner asserts that Fig. 3 and column 3, line 4 and lines 66-67 teach the claimed 
first memory containing a first table. However, there is no teaching or suggestion of a 
management module coupled to the network data processing module (firewall as asserted by the 
Examiner) comprising the first memory containing a first table. Coss discloses that the security 
policies can be represented by sets of access rules which are represented in tabular form and 
which are loaded into the firewall by a firewall administrator. 

Therefore, Coss does not teach or suggest the claimed management module coupled to 
the network data processing module. 

In response to Applicant's arguments, on page 2 of the Advisory Action, the Examiner 
asserts that the claimed management module is disclosed in column 3, lines 54-67 and column 4, 
line 1. As discussed above, the aspects of Coss cited by the Examiner describe that the security 
policies can be represented by sets of access rules which are represented in tabular form and 
which are loaded into the firewall by a firewall administrator. However, there is no teaching or 
suggestion of the claimed management module. 

Further, the Examiner asserts that the firewall of Coss teaches the claimed network data 
processing module. See page 2 of Office Action. However, Applicant submits that Coss does 
not disclose the claimed management module coupled to the network data processing module. 
The Examiner asserts that the claimed management module is disclosed in cols. 3 and 4 and lines 
66-67 and 1. 

However, this aspect of Coss cited by the Examiner describes: 

The security policies can be represented by sets of 
access rules which are represented in tabular form and 
which are loaded into the firewall by a firewall 
administrator. As illustrated in FIG. 3, such a table can 
provide for categories including rule number, designations 
of source and destination hosts, a designation of a special 
service which can be called for in a packet, and a 
specification of an action to be taken on a packet. Special 
services can include proxy services, network address 
translation, and encryption, for example. 



However, this describes that the security policies are loaded into a firewall (which the 
Examiner asserts teaches a network data processing module) by an administrator. Therefore, the 
firewall of Coss could not also teach the management module coupled to the network data 
processing module. Specifically, based on the Examiner's reasoning, the firewall would be 
coupled to itself, thereby evidencing the deficiency in the Examiner's rejection. 

Claim 15 recites, inter alia, "wherein said at least one primary metarule is specified 
according to a string of characters containing a place-holder for each parameter of said primary 
metarule that is not statically defined, wherein the place-holder is relevant to the rule." 

Coss only teaches the use of a "wild card" place-holder that represents "when a category 
provided for in the rule table is irrelevant in a certain rule." Coss, col. 4, lines 15-21. In 
contrast, the place-holder described in the Specification at p. 15, line 34 - p. 16, line 2, 
clearly represents the source or destination in the embodied rule prototypes, and the place-holder 
has definite relevance, as it corresponds to the ISP address of the e-mail server on the LAN. 

In reply to Applicant's arguments, on pages 15-16 of the Final Office Action, the 
Examiner cites col. 4, lines 15-21 in support of the Examiner's rejection. However, as discussed 
above, this is explicitly contrary to the recitations of claim 1. Specifically, the wild card 
place-holder of Coss applies when a category provided for in the rule table is irrelevant in a certain 
rule, whereas the claimed limitation recites that the place-holder is relevant to the rule. 

Also, on page 16 of the Final Office Action and in the Advisory Action, the Examiner 
asserts that an embodiment of the invention discloses that the place-holder corresponds to an ISP 
address, and therefore, the Examiner interprets that place-holder as corresponding to the ISP 
address. Applicant notes that the Examiner should not unduly narrow the scope of the claims and 
the claims should be interpreted based on the actual claim language. Further, as the wild card 
"*" of Coss is provided for categories which are irrelevant to the rule, the DEST HOST of rule 20 
as shown in Fig. 3 is irrelevant to rule 20. Consequently, the DEST HOST represented by an 
"*" in rule 20 is not relevant to the rule. 

The Applicant thus submits that Coss fails to teach each and every element of claim 15, 
therefore, claim 15 and dependent claim 16 should be deemed allowable. 

To the extent independent claims 17 and 18 recite similar subject matter, claims 17 and 
18 should be deemed allowable for at least the same reasons. 

Claim 16 

Claim 16 recites "said management module further comprising a second memory 
containing a second table, said second table containing secondary identifiers associated with at 
least one of said primary identifiers and one or more respective parameter values." 

The Examiner asserts that Figs. 3 and 4 and column 5, lines 51-57 teach the elements of 
claim 16. The aspects of Coss cited by the Examiner describe a rule table (Fig. 3) and a cache 
(Fig. 4). Further, Coss discloses that as the number of cache entries can grow to many times the 
number of rules, efficient use of a cache may require indexing. 

However, contrary to the Examiner's assertions, there is no teaching or suggestion of the 
claimed management module, or that the management module comprises a second memory 
containing a second table as claimed. 

Therefore, claim 16 should further be deemed allowable. 

II. Rejection of claims 1-14 and 19 under 35 U.S.C. § 103 

Claims 1-14, and 19 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Coss et al. (Coss hereinafter) (US Patent No. 6,170,012 B1) in view of Bellinger et al. (Bellinger 
hereinafter) (US 2002/0169858). 

To the extent independent claims 1 and 9 recite subject matter similar to independent 
claims 15, 17 and 18 as discussed above, Applicant submits that independent claims 1 and 9 and 
their dependent claims should be deemed allowable for at least the same reasons. Moreover, 
Bellinger does not cure the deficiencies of Coss. 

Claim 1 recites "a first table storing sets of at least one primary rule, called "primary 
metarules," in a parameterizable form and in corresponding relationship to primary identifiers." 
See for example, page 16, lines 5-9 of the Applicant's originally filed specification. 

The Examiner asserts that column 4, lines 1-6 teaches this aspect of the claim. Coss 
discloses that security policy rules can be represented by sets of access rules which are 
represented in tabular form and are loaded into a firewall. The table can provide for categories 
including rule numbers, designations of source and destination hosts, a designation of a special 
service and a specification of an action to be taken on a packet. 

However, Coss does not teach or suggest that the table stores sets of at least one primary 
rule, called "primary metarules," in a parameterizable form and in corresponding relationship to 
primary identifiers, as claimed. Specifically, the rules of Coss do not appear to be in 
parameterizable form. 

Claim 1 further recites: 

"management means which is coupled to control means of 
said data processing server and, on receipt of auxiliary 
data representing operating parameters that request 
reconfiguration of the control means, the auxiliary data 
delivered by said control means after reception by the data 
processing server of secondary data that requires 
reconfiguration of the control means, selects at least one 
of the primary identifiers in the first table and 
associates said auxiliary data therewith so as to define 
dedicated processes of said control means" 



The Examiner asserts that column 4, lines 3-6 and column 5, lines 35-46 teach this aspect 
of the claim. Coss discloses a table can provide for categories including rule numbers, 
designations of source and destination hosts, a designation of a special service and a 
specification of an action to be taken on a packet. Further, Coss discloses that stateful packet 
filtering may be implemented by caching rule processing results. However, Coss does not teach 
at least the interrelationship between the management means, control means, data processing 
server, auxiliary data and secondary data, as claimed. 

The Examiner states that Coss does not disclose "on receipt of auxiliary data representing 
operating parameters that request reconfiguration of the control means," and cites Bellinger, 
paragraph [0077], to cure the deficiency. 

However, Bellinger does not cure the deficiencies of Coss disclosed above. Further, 
Bellinger discloses: 

Each service request, for both registration and 
activation, is sent via XML from the Service Provider's 
portal server to the central controller. The controller 
interprets the request by passing the service parameters 
through the pre-defined rules associated with the Service 
Offering and stored in the LDAP directory. These rules 
could be as simple as sending a configuration request to a 
Firewall to allow or deny access to specific ports, or it 
could be more complex as in the case of an Application 
Service where the central authority may have to pass access 
information to the application server, set up a VPN between 
the user and application server, punch through a firewall 
and modify the available bandwidth and QoS to the user. 

However, contrary to the Examiner's assertions, there is no teaching or suggestion that 
on receipt of auxiliary data representing operating parameters that request reconfiguration of 
the control means, as claimed. 

For at least the above reasons, claim 1 and its dependent claims should be deemed 
allowable. 

To the extent independent claim 9 recites similar subject matter, independent claim 9 and 
its dependent claims should be deemed allowable for at least the same reasons. 

Claim 19 

Claim 19 recites, inter alia, "wherein the primary metarule comprises one of definitions 
and prototypes of sets of the least one primary rule." Applicant refers the Examiner to, for 
example, page 11, lines 5-25 of the specification for further clarification. 

Applicant submits that the art cited by the Examiner does not teach this aspect of the 
claim. Therefore, claim 19 should be deemed allowable. 

III. Conclusion 

In view of the above, reconsideration and allowance of this application are now believed 
to be in order, and such actions are hereby solicited. If any points remain in issue which the 
Examiner feels may be best resolved through a personal or telephone interview, the Examiner is 
kindly requested to contact the undersigned at the telephone number listed below. 

The USPTO is directed and authorized to charge all required fees, except for the Issue 
Fee and the Publication Fee, to Deposit Account No. 19-4880. Please also credit any 
overpayments to said Deposit Account. 

Respectfully submitted, 
/Ruthleen E. Uy/ 

Ruthleen E. Uy 

Registration No. 51,361 

SUGHRUE MION, PLLC 

Telephone: (202) 293-7060 

Facsimile: (202) 293-7860 

WASHINGTON OFFICE 

23373 

Date: July 19, 2010 